Uber paid 20-year-old man to keep data breach secret

Uber covered up the hack for over a year, only revealing the data breach in November, and paid the man to delete the stolen data using a "bug bounty" system, usually used to pay coders that spot code vulnerabilities. The company didn't say how the hacker was paid, or who he was. The company took immediate steps to secure the data and shut down the unauthorised access by the individuals. They're a company that connects security researchers with other companies.

Sources told Reuters that the company ensured the data had been removed by performing a "forensic analysis of the hacker's machine", and made him sign a nondisclosure agreement promising he won't participate in any "further wrongdoing". Newly appointed Uber CEO Khosrowshahi fired two of Uber's top security officials when he announced the breach last month, following an investigation that first alerted Uber's board about the hack. "I had the same question, so I immediately asked for a thorough investigation of what happened and how we handled it", Khosrowshahi said of the breach.

However, hacks at Reuters have found out that Uber made the payment a year ago through its bug bounty service.

Even if a company manages to contain and handle a data breach, it has a duty to report it to regulators, which Uber appears to have failed to do, aiming for a cover-up rather than a mea culpa. In other words, the Uber executives who knew about the breach used the bug bounty so that they could pay it and pretend it was all part of IT security protocol. But there are no public payment details for HackerOne profiles that amount to the $100,000 Uber reports to have paid for the data destruction or any string of bounties to a single person that add up to that amount, so it's clear the payment wasn't made through the public HackerOne program.

Kalanick, who stepped down as Uber CEO in June, declined to comment on the matter, according to his spokesman.

Once he became aware of the hack, Khosrowshahi reportedly sacked the company's chief security officer and one of his deputies for their roles in hiding the hack, as well as for making the payment. "From an ethical standpoint", Ellis said, "this development creates confusion and potentially damages the growth of the researcher/vendor relationship, despite the fact that it was clearly an extortion payout, and not a true Bug Bounty payout".

Clark worked directly for Sullivan but also reported to Uber's legal and privacy team, according to three people familiar with the arrangement.

